At American Family Insurance, we have embraced corporate responsibility fully, continuously striving to create lasting and transformative change. Learn more about this work in our first-ever Corporate Responsibility Report.

14 Ways to Protect Customer Data

It may surprise you to learn that nearly half of all cyber attacks target small businesses. One reason they make appealing targets to data thieves is that they often don’t have the defense systems in place like large groups typically do and/or haven’t put money aside to effectively manage cybercrimes.

“Often, the hackers get away with it because small businesses don’t have the resources to combat it,” notes Terry Evans, president of Lighthouse Business Consulting Services, and an expert in cyber-security for small businesses.

In a recent study, 43 percent of all spear-phishing campaigns involved cyber attackers using deceptive emails to get at sensitive information. These are emails sent to employees from known senders — they spoof an email address familiar to the recipient — and request exploitable data to be emailed back. They're targeting small business employees specifically, according to the internet security company Symantec.

The Importance of Network Security Software and Encryption

Whether you sell products at a brick-and-mortar store or through a website, the good news is: knowledge is power. By now it should be clear that technological safety in today’s workplace is more important than ever. So take these steps to keep your customer data safe.You'll not only retain more customers, they're going to feel safer doing business with you as well.

Install — and update — the right software. Running anti-virus, anti-malware and/or anti-spyware software is your first line of defense. But you must make sure it is regularly updated. “One of the problems I see with small businesses is that they buy into a product they either don’t need, don’t want, don’t understand, or they don’t use, and it just kind of sits there,” says Evans. “Or they’ll buy a product and won’t update it and then it’s worthless.” Because hackers are constantly revising their tactics, you're odds of beating them are best if you update frequently. If given the option, always select the "update automatically" setting to be sure you're running the latest and greatest software version.

Use a secure network. Invest in a secure, dedicated server used only by your business and your employees. While it may be cheaper upfront to share your server, by using a secure network you significantly lower the risk of leaving your customers’ information open to hacking. And always back up your all of your data. By having backups of everything, you won’t be devastated by “ransomware,” a type of malware that blocks access to your data until you pay a ransom.

Encrypt everything. Using encryption technology is another way to really safeguard customer information. Invest in the latest encryption software and keep it updated. It’s also wise to encrypt your email if you’re sending/receiving sensitive data.

Security Measures That Can Stop a Data Breach

Almost all businesses gather and store information on their customers, employees and business contacts. With data breaches on the rise, hackers are keen on exploiting any vulnerability — an easy target is frequently “easy money.” Take a look at these ideas to tighten security which can help deter a data breach.

Create strong passwords. Ditch the four-letter, easy-to-remember passwords. Make them strong and long. “Passwords should be at least eight characters long but I would advocate for 13 or 15 characters,” says Evans. “They should not be a word; they should be random with symbols, numbers, capitalization, and all of that.”

Verify PCI compliance. If your group is handling credit card transactions, be sure the way you’re storing, processing and transmitting cardholder information is compliant with Payment Card Industry Data Security Standards (PCI DSS). By implementing the basics of PCI compliance at your group, customers can feel safe knowing that their personal information is being handled securely.

Tightening Up Security on Hard Copies and Computers

Many times, small businesses take measures to protect their digital data, but fail to work safely with physical data and the electronic devices that store this information. Take a look at these ideas to keep your hard copies and electronics safe.

Destroy before dumping. Some data breaches occur right out of your dumpster in the alley. Recycling old files and paper copies is a great practice, but be sure to cross-cut/shred these files before discarding. If you’re going to be reusing a computer that previously held sensitive information, wipe the drive clean by using software designed specifically for that purpose. If a computer’s being decommissioned, be sure to pull the hard drive and physically destroy it.

Keep only the data you need. Take a look at the kinds of data you’re keeping and consider whether you really need to store this information. Customer names may be important, but do you really need their birthdates? Consider purging any data that does not directly relate to your business needs. You also may want to think twice about storing customers’ credit card information. “Those are clients’ credits cards, you don’t need to hold on to them, and once you do, you create an enormous problem for yourself,” Evans adds.

Physically lock up hard copies. Safeguard your files, papers and records behind a locked door. Adding additional measures like a numeric keypad or even biometric verification can really boost security. It also can help to build confidence when prospective investors are touring your business.

Lock up portable media and company cell phones. Flash and USB drives should be tightly controlled. Require users to check these media in and out and be sure to encrypt data saved on these drives. Company cell phones are another easy target and can expose your network to vulnerability — most frequently when these devices are charging or synching with a networked computer. Again, installing encryption software on smart phones can help to keep your network and customer data safe.

Disaster Recovery and Emergency Preparedness

Having a plan in place when you first notice a data breach is just as important as any other preventative measure. If you’re well-prepared to respond to a breach you can lessen its impact on your business.

Get a plan in place. Managing an emergency means knowing what to do when, regardless of the disaster type. You’ll likely need an outside expert to assess the damage and get a handle on what — and how — the event unfolded. Seek out a well-referenced cyber-security group now and inquire about a maintenance contract, too. They’re often able to help bolster your current security plan and lessen the impact of an active data breach.

Put the plan into action. Practice makes perfect, and because so much of cyber-security may be difficult for your employees to grasp, it’s a great idea to have them go through a few dry runs so they’re familiar with the process should they ever need to take action on it.

Prepare for multiple points of entry. Be clear on each step to be taken and consider the source of the breach too. You may have several scenarios that mandate different action to be taken, depending on the breach. “You can spend a fair amount of money on software and other security measures, security cameras, and all of that, but if you leave your back door open, you’ve wasted your money,” says Evans. Work with your security consultant to understand where the potential risks are.

Delegation is key. Appoint an on-site data manager that can act as a point person who’ll be responsible for making decisions when it comes to breaches and readiness for emergencies. High-ranking executives, senior database managers, even someone elected by your board of directors to perform this role all make great candidates.

Train staffers in best practices. Often, the weakest link between customer information and a data breach is the small business’ employees. “I’ve walked into brick-and-mortar stores, into what should be a secure area—their accounting area—and computers are up and available and logged in,” says Evans. “I also see people scribble passwords down on a post-it note or desk blotter making the password visible to folks.” Train employees with a best practices manual that identifies how to secure company data at every entry point, from computers on-site and cell phones too. Two-factor authentication measures for off-site access to protected files can help to prevent a breach as well.

Chances are, there will always be thieves targeting customer data. But you have the power to protect your customer information and help ensure your future sales by taking this job head-on. While you’re building up your business’ cyber-security profile, remember to check in with an American Family Insurance agent and review any changes that you’ve made to your inventory — even software updates and purchases — that help to protect you from hacking or data breaches. Your group will be more secure, and that's as good as money in the bank.